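<?php
/*
 * Login page.
 *
 * With a POSTed form (username, domain, password) this script checks the
 * per-IP daily lockout, verifies the credentials, honours the per-account
 * ban, and on success stores the user's identity in $_SESSION. Without a
 * POST it renders the login form.
 *
 * Request handling runs before any markup is emitted so that a rotated
 * session cookie can still be sent on login.
 *
 * Review notes:
 *  - Every request-derived value is escaped with mysql_real_escape_string()
 *    before it is placed in SQL. The escaping is charset-aware only when the
 *    connection charset was set with mysql_set_charset(); confirm that in
 *    dbConnect(). ext/mysql is gone in PHP 7, so move to PDO or mysqli
 *    prepared statements when dbConnect() is migrated.
 *  - password=SHA('...') compares against an unsalted SHA-1 digest, which is
 *    cheap to brute-force if the users table leaks. Switching to
 *    password_hash()/password_verify() needs a stored-hash migration, so it
 *    is flagged here rather than changed.
 *  - logAction() lives in functions.php; it receives attacker-controlled
 *    username/domain text and must encode it for whatever sink it writes to.
 *  - NOTE(review): session_start() is not visible in this file; presumably
 *    functions.php starts the session. Confirm.
 */

include('functions.php');

dbConnect();

// Markup to print inside the box once processing is done. Only fixed
// literals are appended to it, never request data.
$output = '';
$showForm = !isset($_POST['loginSubmitted']);

if (!$showForm) {

	$errors = array();

	// Accept only string parameters: an array-valued field (username[]=x)
	// would otherwise be interpolated into SQL and log text as "Array".
	$u = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$p = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	$d = (isset($_POST['domain']) && is_string($_POST['domain'])) ? $_POST['domain'] : '';

	if (empty($u)) {
		$errors[] = 'You did not enter a username!';
	}

	if (empty($p)) {
		$errors[] = 'You did not enter a password';
	}

	if (empty($errors)) {

		$ip = $_SERVER['REMOTE_ADDR'];

		date_default_timezone_set('America/Denver');
		$today = date("y-m-d");

		// SQL-safe copies; the raw values are kept for log text only.
		$ipSql = mysql_real_escape_string($ip);
		$todaySql = mysql_real_escape_string($today);
		$uSql = mysql_real_escape_string($u);
		$dSql = mysql_real_escape_string($d);
		$pSql = mysql_real_escape_string($p);

		$ipQuery = mysql_query("SELECT failed_logons FROM ipLog WHERE (ip = '$ipSql' AND date = '$todaySql')");
		$ipArray = $ipQuery ? mysql_fetch_array($ipQuery, MYSQL_NUM) : false;

		// No row for this IP today means no recorded failures.
		$failed_logons = $ipArray ? (int) $ipArray[0] : 0;

		if ($failed_logons > 5) {
			// Enforce the lockout before looking at the credentials. Checking
			// it only after a successful match would give a locked-out client
			// a different response for a correct password than for a wrong one.
			$output .= 'Your ip has failed logon attempts today greater than 5 times, try again tomorrow';
			logAction($ip, $u . '@' . $d . ' failed to enter correct password more than 5 times');

		} else {

			$userSQL = mysql_query("SELECT username, domain, level, id, status FROM users WHERE (username='$uSql' AND domain='$dSql' AND password=SHA('$pSql'))");
			$row = $userSQL ? mysql_fetch_array($userSQL, MYSQL_NUM) : false;

			if (!$row) {
				// Unknown user, wrong password, or a failed query.
				$output .= 'Could not find the username or password, your ip address has been logged<br />';

				// NOTE(review): this UPDATE changes nothing when no ipLog row
				// exists for this IP and date; confirm the row is created
				// elsewhere, otherwise the lockout never engages.
				mysql_query("UPDATE ipLog SET failed_logons = failed_logons +1 WHERE (ip = '$ipSql' AND date = '$todaySql')");

				$output .= '<a href="login.php">Try Again</a>';
				logAction($ip, 'Incorrect Password attempt, user ' . $u . '@' . $d);

			} elseif ($row[4] == 'banned') {
				$output .= 'You have been banned, your IP has been logged.';
				logAction($ip, 'Banned User attempted login, user ' . $u . '@' . $d);

			} else {
				// Rotate the session ID at the privilege change so an ID that
				// was known before authentication cannot be reused afterwards.
				if (session_id() !== '' && !headers_sent()) {
					session_regenerate_id(true);
				}

				// Identity comes from the database row, not from the request.
				$_SESSION['user'] = $row[0];
				$_SESSION['domain'] = $row[1];
				$_SESSION['userId'] = $row[3];
				$_SESSION['level'] = $row[2];

				$fullName = $_SESSION['user'] . '@' . $_SESSION['domain'];

				// The per-IP username list was read here but its UPDATE was
				// disabled, so the lookup had no effect and has been dropped.
				// If it is reinstated, escape the value before writing it.

				logAction($fullName, 'logged in successfully');

				$output .= 'you have successfully logged in<br />';
			}
		}

	} else {

		foreach ($errors as $msg) {
			$output .= $msg;
		}
		$output .= '<a href="login.php">Try Again</a>';
	}
}
?>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="./style.css" />
</head>
<body>
<img style="margin-left:42%; text-align:center" src="./img/logo_txt_only.jpg" alt="Logo" />
<div style="text-align:center;background-color:#d0ddcf;border: 1px solid #9CAA9C;width:300px;margin-left:40%;">

<?php if ($showForm) { ?>
	<form name="input" action="login.php" method="post">
		<input type="text" size="10" value="username" name="username" />
		<select name="domain">
			<?php
			$domain_result = mysql_query("SELECT domain, name FROM domains");

			if ($domain_result) {
				while ($row = mysql_fetch_assoc($domain_result)) {
					// Encode the stored value for both the attribute and the
					// text node; database content is not trusted as markup.
					$domainHtml = htmlspecialchars($row['domain'], ENT_QUOTES);
					echo '<option value = "' . $domainHtml . '">@' . $domainHtml . '</option>';
				}
			}

			?>
		</select><br />
		<input type="password" size="30" name="password" value="password" /><br />
		<input type="hidden" name="loginSubmitted" value="TRUE">
		<input type="submit" value="Login" /><a href="<?= getUrl(); ?>recoverPassword.php">Recover Password</a>
	</form>
<?php } else {
	echo $output;
} ?>

</div>

<a style="margin-left:48%;text-align:center;color:black" href="<?= getUrl(); ?>">Return Home</a>

</body>
</html>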